from the like-that-won't-be-abused? dept

One of the key points that officials have been making in defense of the NSA surveillance is this idea that even if they're collecting all this data on your communications, they can't actually do anything with it, because they keep it safely locked up in a lockbox, and only check it if they have some bit of data they want to find out about later. That was the crux of the claims made by former NSA/CIA boss Michael Hayden who seemed to think that "data mining" and "asking the database questions" were two different things. However, as William Saletan is pointing out at Slate, the lockbox is a lie. There is no lockbox. He quotes officials including NSA boss Keith Alexander and Congress's number one NSA apologist, Rep. Mike Rogers, both suggesting strongly that even if the NSA is collecting all your data, it's safe because it can't be explored without a "very specific court-ordered approval process."

Except... what they conveniently left out, is that the court doesn't review any of this. It appears that it probably set some very basic rules up front when it gave the okay on collecting the data, which no one else gets to know about, and no one carefully checks up on the NSA later to see if they really follow any of those rules. What the claims most certainly do not mean, is that the NSA needs to get a court order to search the database. Senator Dianne Feinstein admitted as much directly:

Q: Is a court order necessary to query the metadata database?Feinstein: Is a court order necessary to query—Q: The metadata database under 215. An individual court order for each query.Feinstein: A court order—well, I don't know what you mean by a query. A court order—Q: To search the database.Feinstein: To search the database, you have to have reasonable, articulable cause—Q: Certified by a judge?Feinstein: —to believe that that individual is connected to a terrorist group. You cannot—Q: But does that have to be determined by a judge?Feinstein: Could I answer? You may not like it, but I'll answer. Then you can query the numbers. The only numbers you have—there's no content. You have the name and the number called, whether it's one number or two numbers. That's all you have. Then you can get the numbers. If you want to collect content, then you get a court order.Q: So you don't need a court order for the query itself.Feinstein: That's my understanding.

And yet, as the article notes, most of the defenders of the program strongly imply otherwise, highlighting the "court-approved" process that people need to go through to query the database. But if there's no real oversight, and no court reviewing each query, then, as Saletan points out, there is no lockbox.

There's no lock on the lockbox.

That hasn't stopped current and former government officials from repeating the lockbox line. Yesterday Rogers used it again on Face the Nation. Dick Cheney, appearing on Fox News Sunday, backed him up. On Meet the Press, Michael Hayden, the guy who ran the NSA when it began collecting phone records, assured Rep. Bobby Scott, (D-Va.,) "The only way you can access the metadata is through a terrorist predicate." When Scott asked, "Where is that written?" Hayden replied: "It's in the court order." Really? Where's the court order? When is it applied, and how?

If the court isn't screening data requests, that leaves two possibilities. One is that nobody's screening them. The other is that some other, unknown entity is doing it in a way that nobody has explained. Either way, the answers we're getting are unacceptable. They betray privacy, public trust, and national security.

If there's no public standard, and no official oversight or review process, then the probability that the database is being abused approaches one very, very quickly.